npm - @blamejs/exceptd-skills - Versions diffs - 0.13.98 → 0.13.100 - Mend

@blamejs/exceptd-skills 0.13.98 → 0.13.100

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (14) hide show

package/CHANGELOG.md +8 -0
package/data/_indexes/_meta.json +9 -9
package/data/_indexes/activity-feed.json +2 -2
package/data/_indexes/catalog-summaries.json +2 -2
package/data/_indexes/chains.json +1155 -0
package/data/atlas-ttps.json +9 -0
package/data/attack-techniques.json +9 -0
package/data/cve-catalog.json +318 -0
package/data/cwe-catalog.json +3 -0
package/data/framework-control-gaps.json +24 -0
package/data/zeroday-lessons.json +150 -0
package/manifest.json +44 -44
package/package.json +2 -2
package/sbom.cdx.json +25 -25

package/data/atlas-ttps.json CHANGED Viewed

@@ -144,11 +144,14 @@
     "last_verified": "2026-05-19",
     "cve_refs": [
       "CVE-2023-43654",
+      "CVE-2024-0129",
       "CVE-2024-11392",
       "CVE-2024-11393",
       "CVE-2024-11394",
       "CVE-2024-37032",
       "CVE-2025-1550",
+      "CVE-2025-32434",
+      "CVE-2025-33236",
       "CVE-2025-8747",
       "CVE-2026-22778",
       "CVE-2026-30615",
@@ -1273,11 +1276,14 @@
     "last_verified": "2026-05-19",
     "cve_refs": [
       "CVE-2023-44467",
+      "CVE-2024-0129",
       "CVE-2024-11392",
       "CVE-2024-11393",
       "CVE-2024-11394",
       "CVE-2024-21513",
       "CVE-2025-1550",
+      "CVE-2025-32434",
+      "CVE-2025-33236",
       "CVE-2025-8747",
       "MAL-2024-PYPI-ULTRALYTICS-XMRIG"
     ],
@@ -2832,10 +2838,13 @@
     "is_subtechnique": true,
     "cve_refs": [
       "CVE-2022-1471",
+      "CVE-2024-0129",
       "CVE-2024-11392",
       "CVE-2024-11393",
       "CVE-2024-11394",
       "CVE-2025-1550",
+      "CVE-2025-32434",
+      "CVE-2025-33236",
       "CVE-2025-8747"
     ]
   },

package/data/attack-techniques.json CHANGED Viewed

@@ -277,6 +277,7 @@
       "CVE-2023-44467",
       "CVE-2023-48022",
       "CVE-2023-6019",
+      "CVE-2024-0129",
       "CVE-2024-11392",
       "CVE-2024-11393",
       "CVE-2024-11394",
@@ -294,7 +295,9 @@
       "CVE-2025-1753",
       "CVE-2025-23254",
       "CVE-2025-30165",
+      "CVE-2025-32434",
       "CVE-2025-32444",
+      "CVE-2025-33236",
       "CVE-2025-34291",
       "CVE-2025-49596",
       "CVE-2025-53773",
@@ -1120,11 +1123,14 @@
     "name": "Supply Chain Compromise: Software Supply Chain",
     "version": "v19",
     "cve_refs": [
+      "CVE-2024-0129",
       "CVE-2024-11392",
       "CVE-2024-11393",
       "CVE-2024-11394",
       "CVE-2024-3094",
       "CVE-2025-1550",
+      "CVE-2025-32434",
+      "CVE-2025-33236",
       "CVE-2025-8747",
       "CVE-2026-45321",
       "MAL-2024-PYPI-ULTRALYTICS-XMRIG",
@@ -4303,10 +4309,13 @@
     "stix_id": "attack-pattern--8c32eb4d-805f-4fc5-bf60-c4d476c131b5",
     "is_subtechnique": false,
     "cve_refs": [
+      "CVE-2024-0129",
       "CVE-2024-11392",
       "CVE-2024-11393",
       "CVE-2024-11394",
       "CVE-2025-1550",
+      "CVE-2025-32434",
+      "CVE-2025-33236",
       "CVE-2025-8747"
     ]
   },

package/data/cve-catalog.json CHANGED Viewed

@@ -15169,6 +15169,324 @@
     "_intake_method": "manual-verified-curation",
     "_kev_short_description": "Anyscale Ray's dashboard log API allows path traversal to read any file on the host without authentication (CWE-22 LFI); fixed in 2.8.1."
   },
+  "CVE-2025-33236": {
+    "name": "NVIDIA NeMo Framework Malicious Model Import Code Injection RCE",
+    "type": "RCE",
+    "cvss_score": 7.8,
+    "cvss_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+    "cvss_note": "CNA (NVIDIA) CVSS v3.1 base 7.8 (HIGH); NVD has not published its own assessed score. Importing a malicious AI model causes code injection (CWE-94) - NeMo silently executes attacker-controlled code with no warning. Disclosed by Cato CTRL.",
+    "cisa_kev": false,
+    "poc_available": true,
+    "poc_description": "Documented in the NVIDIA NeMo security bulletin and Cato CTRL research ('New Vulnerabilities in NVIDIA NeMo and Meta PyTorch Enable Full System Compromise'): loading/importing a maliciously crafted NeMo model triggers code injection in the importing process.",
+    "ai_discovered": false,
+    "ai_discovery_source": "human_researcher",
+    "ai_discovery_notes": "Disclosed via NVIDIA's NeMo security bulletins (Cato CTRL research). NeMo is NVIDIA's LLM training/customization framework; the abused surface is its model-import/load path.",
+    "ai_assisted_weaponization": false,
+    "ai_assisted_notes": "No AI-assisted weaponization; an untrusted model artifact executing code on load.",
+    "active_exploitation": "none",
+    "active_exploitation_notes": "Vendor/researcher disclosure with a coordinated fix; no confirmed in-the-wild exploitation reported as of curation.",
+    "affected": "NVIDIA NeMo Framework before 2.6.1.",
+    "affected_versions": [
+      "NVIDIA NeMo Framework < 2.6.1"
+    ],
+    "vector": "NVIDIA NeMo Framework deserializes / loads an imported AI model without validation, so a maliciously crafted model triggers code injection (CWE-94) and executes attacker code in the importing process - the canonical 'model file is executable code' class, here in NVIDIA's LLM training/customization framework.",
+    "complexity": "low",
+    "complexity_notes": "NVD AV:L / AC:L - local context; the precondition is loading an untrusted NeMo model.",
+    "patch_available": true,
+    "patch_required_reboot": false,
+    "live_patch_available": false,
+    "live_patch_tools": [],
+    "live_patch_notes": "Remediation is upgrading NVIDIA NeMo to 2.6.1 or later; no host reboot.",
+    "vendor_update_paths": [
+      "Upgrade NVIDIA NeMo to 2.6.1 or later, and only load NeMo models from trusted sources (verify provenance; load untrusted models sandboxed)."
+    ],
+    "framework_control_gaps": {
+      "NIST-800-53-SI-2": "Flaw-remediation cadence does not track the LLM training/customization framework's model-load path as managed, RCE-bearing software.",
+      "NIST-800-53-SI-10": "Input-validation control is not applied to imported model artifacts/archives that NeMo deserializes or extracts.",
+      "ISO-27001-2022-A.8.8": "Vulnerability management rarely enumerates the model-import path of an LLM framework as a code-execution surface.",
+      "NIS2-Art21-patch-management": "Article 21 measures do not reach LLM-framework model loading as a privileged execution control plane.",
+      "DORA-Art-9": "ICT protection measures do not model untrusted-model-artifact loading in an LLM framework as an ICT-risk event.",
+      "UK-CAF-B4": "System Security objective has no objective for treating NeMo model artifacts as untrusted code.",
+      "AU-ISM-1546": "Patch-application control does not single out LLM training/customization frameworks.",
+      "ALL-AI-PIPELINE-INTEGRITY": "No framework treats an ML model artifact as untrusted executable input; loading an untrusted NeMo model is RCE."
+    },
+    "atlas_refs": [
+      "AML.T0010",
+      "AML.T0011",
+      "AML.T0011.000"
+    ],
+    "attack_refs": [
+      "T1204",
+      "T1059",
+      "T1195.002"
+    ],
+    "rwep_score": 27,
+    "rwep_factors": {
+      "cisa_kev": 0,
+      "poc_available": 20,
+      "ai_factor": 0,
+      "active_exploitation": 0,
+      "blast_radius": 22,
+      "patch_available": -15,
+      "live_patch_available": 0,
+      "reboot_required": 0
+    },
+    "rwep_notes": "Standard (RWEP 27, \"patch within 30 days\" band per lib/scoring.js timeline). Not KEV, no confirmed in-the-wild exploitation, patched at/after disclosure (Hard Rule #3). poc_available=20 + blast_radius=22 (NeMo is NVIDIA's widely used LLM framework) minus patch 15.",
+    "epss_score": null,
+    "epss_date": "2026-05-25",
+    "epss_note": "EPSS not pulled for this entry; retrieve via FIRST EPSS API in a future refresh.",
+    "epss_source": "https://api.first.org/data/v1/epss?cve=CVE-2025-33236",
+    "cwe_refs": [
+      "CWE-94"
+    ],
+    "iocs": {
+      "behavioral": [
+        "Python subprocess / interpreter activity during NeMo model import / SaveRestoreConnector load of an externally sourced model.",
+        "An imported NeMo model whose serialized content resolves to code execution on load.",
+        "Loading NeMo models from a hub or shared store without provenance verification.",
+        "NVIDIA NeMo at an affected version (NVIDIA NeMo Framework < 2.6.1) loading untrusted models - the exposed precondition."
+      ],
+      "_ioc_source_note": "Behavioral signatures derived from the NVIDIA NeMo security bulletin (https://nvidia.custhelp.com/app/answers/detail/a_id/5762) and Cato CTRL research, plus NVD CVE-2025-33236 (CWE-94). The untrusted-model-load path is the indicator anchor."
+    },
+    "source_verified": "2026-05-25",
+    "verification_sources": [
+      "https://nvd.nist.gov/vuln/detail/CVE-2025-33236",
+      "https://nvidia.custhelp.com/app/answers/detail/a_id/5762"
+    ],
+    "vendor_advisories": [
+      {
+        "vendor": "NVIDIA Product Security",
+        "advisory_id": "NVIDIA-5762",
+        "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5762",
+        "severity": "high",
+        "published_date": "2026-02-18"
+      },
+      {
+        "vendor": "NVD",
+        "advisory_id": "CVE-2025-33236",
+        "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-33236",
+        "severity": "high",
+        "published_date": "2026-02-18"
+      }
+    ],
+    "last_updated": "2026-05-25",
+    "discovery_attribution_note": "Manually curated from NVD (CWE-94; CNA NVIDIA CVSS 7.8, no NVD-assessed score) + the NVIDIA NeMo security bulletin. NeMo model-load code-execution; same untrusted-model-artifact class as the Keras / HF Transformers entries (shares NEW-CTRL-091).",
+    "_auto_imported": false,
+    "_intake_method": "manual-verified-curation",
+    "_kev_short_description": "NVIDIA NeMo Framework executes attacker code when a malicious AI model is imported (CWE-94 code injection), silently; fixed in 2.6.1."
+  },
+  "CVE-2024-0129": {
+    "name": "NVIDIA NeMo SaveRestoreConnector .tar Path Traversal to Code Execution",
+    "type": "RCE",
+    "cvss_score": 7.8,
+    "cvss_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+    "cvss_note": "NVD CVSS v3.1 base 7.8 (HIGH); NVIDIA as CNA scored 6.3 (MEDIUM, Scope:Changed). Path traversal via unsafe .tar extraction in the SaveRestoreConnector (CWE-22), enabling code execution and data tampering when a malicious .nemo model is loaded.",
+    "cisa_kev": false,
+    "poc_available": true,
+    "poc_description": "Documented in the NVIDIA NeMo security bulletin: loading/importing a maliciously crafted NeMo model triggers path-traversal file write in the importing process.",
+    "ai_discovered": false,
+    "ai_discovery_source": "human_researcher",
+    "ai_discovery_notes": "Disclosed via NVIDIA's NeMo security bulletins. NeMo is NVIDIA's LLM training/customization framework; the abused surface is its model-import/load path.",
+    "ai_assisted_weaponization": false,
+    "ai_assisted_notes": "No AI-assisted weaponization; an untrusted model artifact executing code on load.",
+    "active_exploitation": "none",
+    "active_exploitation_notes": "Vendor/researcher disclosure with a coordinated fix; no confirmed in-the-wild exploitation reported as of curation.",
+    "affected": "NVIDIA NeMo before r2.0.0rc0 (the SaveRestoreConnector); fixed in r2.0.0rc0 per NVIDIA advisory a_id/5580.",
+    "affected_versions": [
+      "NVIDIA NeMo < r2.0.0rc0"
+    ],
+    "vector": "NeMo's SaveRestoreConnector extracts a .nemo model archive (a .tar) without restricting entry paths, so a crafted archive writes files outside the intended directory (CWE-22 path traversal). Loading a malicious NeMo model thereby writes attacker content to an arbitrary path and can lead to code execution.",
+    "complexity": "low",
+    "complexity_notes": "NVD AV:L / AC:L - local context; the precondition is loading an untrusted NeMo model.",
+    "patch_available": true,
+    "patch_required_reboot": false,
+    "live_patch_available": false,
+    "live_patch_tools": [],
+    "live_patch_notes": "Remediation is upgrading NVIDIA NeMo to r2.0.0rc0 or later; no host reboot.",
+    "vendor_update_paths": [
+      "Upgrade NVIDIA NeMo to r2.0.0rc0 or later, and only load NeMo models from trusted sources (verify provenance; load untrusted models sandboxed)."
+    ],
+    "framework_control_gaps": {
+      "NIST-800-53-SI-2": "Flaw-remediation cadence does not track the LLM training/customization framework's model-load path as managed, RCE-bearing software.",
+      "NIST-800-53-SI-10": "Input-validation control is not applied to imported model artifacts/archives that NeMo deserializes or extracts.",
+      "ISO-27001-2022-A.8.8": "Vulnerability management rarely enumerates the model-import path of an LLM framework as a code-execution surface.",
+      "NIS2-Art21-patch-management": "Article 21 measures do not reach LLM-framework model loading as a privileged execution control plane.",
+      "DORA-Art-9": "ICT protection measures do not model untrusted-model-artifact loading in an LLM framework as an ICT-risk event.",
+      "UK-CAF-B4": "System Security objective has no objective for treating NeMo model artifacts as untrusted code.",
+      "AU-ISM-1546": "Patch-application control does not single out LLM training/customization frameworks.",
+      "ALL-AI-PIPELINE-INTEGRITY": "No framework treats an ML model artifact as untrusted executable input; loading an untrusted NeMo model is RCE."
+    },
+    "atlas_refs": [
+      "AML.T0010",
+      "AML.T0011",
+      "AML.T0011.000"
+    ],
+    "attack_refs": [
+      "T1204",
+      "T1059",
+      "T1195.002"
+    ],
+    "rwep_score": 25,
+    "rwep_factors": {
+      "cisa_kev": 0,
+      "poc_available": 20,
+      "ai_factor": 0,
+      "active_exploitation": 0,
+      "blast_radius": 20,
+      "patch_available": -15,
+      "live_patch_available": 0,
+      "reboot_required": 0
+    },
+    "rwep_notes": "Standard (RWEP 25, \"patch within 30 days\" band per lib/scoring.js timeline). Not KEV, no confirmed in-the-wild exploitation, patched at/after disclosure (Hard Rule #3). poc_available=20 + blast_radius=20 (NeMo is NVIDIA's widely used LLM framework) minus patch 15.",
+    "epss_score": null,
+    "epss_date": "2026-05-25",
+    "epss_note": "EPSS not pulled for this entry; retrieve via FIRST EPSS API in a future refresh.",
+    "epss_source": "https://api.first.org/data/v1/epss?cve=CVE-2024-0129",
+    "cwe_refs": [
+      "CWE-22"
+    ],
+    "iocs": {
+      "behavioral": [
+        "Python subprocess / interpreter activity during NeMo model import / SaveRestoreConnector load of an externally sourced model.",
+        "A .nemo (.tar) archive whose entries contain ../ traversal paths writing outside the extraction directory.",
+        "Loading NeMo models from a hub or shared store without provenance verification.",
+        "NVIDIA NeMo at an affected version (NVIDIA NeMo < r2.0.0rc0) loading untrusted models - the exposed precondition."
+      ],
+      "_ioc_source_note": "Behavioral signatures derived from the NVIDIA NeMo security bulletin (https://nvidia.custhelp.com/app/answers/detail/a_id/5580), plus NVD CVE-2024-0129 (CWE-22). The untrusted-model-load path is the indicator anchor."
+    },
+    "source_verified": "2026-05-25",
+    "verification_sources": [
+      "https://nvd.nist.gov/vuln/detail/CVE-2024-0129",
+      "https://nvidia.custhelp.com/app/answers/detail/a_id/5580"
+    ],
+    "vendor_advisories": [
+      {
+        "vendor": "NVIDIA Product Security",
+        "advisory_id": "NVIDIA-5580",
+        "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5580",
+        "severity": "high",
+        "published_date": "2024-10-15"
+      },
+      {
+        "vendor": "NVD",
+        "advisory_id": "CVE-2024-0129",
+        "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-0129",
+        "severity": "high",
+        "published_date": "2024-10-15"
+      }
+    ],
+    "last_updated": "2026-05-25",
+    "discovery_attribution_note": "Manually curated from NVD (CWE-22; NIST CVSS 7.8, NVIDIA CNA 6.3) + the NVIDIA NeMo security bulletin. NeMo model-load code-execution; same untrusted-model-artifact class as the Keras / HF Transformers entries (shares NEW-CTRL-091).",
+    "_auto_imported": false,
+    "_intake_method": "manual-verified-curation",
+    "_kev_short_description": "NVIDIA NeMo's SaveRestoreConnector extracts a .nemo (.tar) model archive without path restriction (CWE-22), so a malicious model writes to an arbitrary path and can execute code; fixed in r2.0.0rc0."
+  },
+  "CVE-2025-32434": {
+    "name": "PyTorch torch.load Remote Code Execution Despite weights_only=True",
+    "type": "RCE",
+    "cvss_score": 9.8,
+    "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+    "cvss_note": "NVD CVSS v3.1 base 9.8 (CRITICAL). torch.load executes code from a crafted checkpoint even when called with weights_only=True (CWE-502) - the very setting the ecosystem recommended as the safe way to load untrusted models.",
+    "cisa_kev": false,
+    "poc_available": true,
+    "poc_description": "Documented in the PyTorch GitHub security advisory GHSA-53q9-r3pm-6pq6: a maliciously crafted model checkpoint executes code when loaded with torch.load, even with weights_only=True set, defeating the recommended safe-load guidance.",
+    "ai_discovered": false,
+    "ai_discovery_source": "human_researcher",
+    "ai_assisted_weaponization": false,
+    "ai_discovery_notes": "Disclosed via the PyTorch project's GitHub security advisory. PyTorch is the foundational deep-learning framework; the abused surface is its primary model-loading API.",
+    "ai_assisted_notes": "No AI-assisted weaponization; unsafe deserialization in the model-loading API, notable because it bypasses the documented safe-load mitigation.",
+    "active_exploitation": "none",
+    "active_exploitation_notes": "Advisory disclosure with a coordinated fix; no confirmed in-the-wild exploitation reported as of curation.",
+    "affected": "PyTorch up to and including 2.5.1 (torch.load); fixed in 2.6.0.",
+    "affected_versions": [
+      "PyTorch <= 2.5.1"
+    ],
+    "vector": "PyTorch's torch.load deserializes a model checkpoint in a way that executes attacker-controlled code even when weights_only=True is set (CWE-502). Because weights_only=True was the ecosystem's recommended safe way to load untrusted checkpoints, code that followed that guidance is still vulnerable - loading a malicious model from a hub or untrusted source is remote code execution.",
+    "complexity": "low",
+    "complexity_notes": "NVD AV:N / AC:L / PR:N - loading an untrusted checkpoint; no user interaction beyond the load call.",
+    "patch_available": true,
+    "patch_required_reboot": false,
+    "live_patch_available": false,
+    "live_patch_tools": [],
+    "live_patch_notes": "Remediation is upgrading PyTorch to 2.6.0 or later; no host reboot.",
+    "vendor_update_paths": [
+      "Upgrade PyTorch to 2.6.0 or later. Do not rely on weights_only=True to make untrusted checkpoints safe on <= 2.5.1; only load models from trusted sources, verify provenance, prefer safetensors, and load untrusted models sandboxed."
+    ],
+    "framework_control_gaps": {
+      "NIST-800-53-SI-2": "Flaw-remediation cadence does not track the foundational deep-learning framework's model-loading API as managed, RCE-bearing software, nor that the documented safe-load setting (weights_only=True) was bypassable.",
+      "NIST-800-53-SI-10": "Input-validation control is not applied to model checkpoints that torch.load deserializes; the safe-load flag was trusted as sufficient.",
+      "ISO-27001-2022-A.8.8": "Vulnerability management rarely enumerates the DL framework's model-loading path as a code-execution surface.",
+      "NIS2-Art21-patch-management": "Article 21 measures do not reach DL-framework model loading as a privileged execution control plane.",
+      "DORA-Art-9": "ICT protection measures do not model untrusted-checkpoint loading in PyTorch as an ICT-risk event.",
+      "UK-CAF-B4": "System Security objective has no objective for treating model checkpoints as untrusted code.",
+      "AU-ISM-1546": "Patch-application control does not single out the foundational DL framework's model loaders.",
+      "ALL-AI-PIPELINE-INTEGRITY": "No framework treats an ML model checkpoint as untrusted executable input; loading one with torch.load (even weights_only=True on <= 2.5.1) is RCE, and a 'safe' flag proved necessary-but-insufficient."
+    },
+    "atlas_refs": [
+      "AML.T0010",
+      "AML.T0011",
+      "AML.T0011.000"
+    ],
+    "attack_refs": [
+      "T1204",
+      "T1059",
+      "T1195.002"
+    ],
+    "rwep_score": 33,
+    "rwep_factors": {
+      "cisa_kev": 0,
+      "poc_available": 20,
+      "ai_factor": 0,
+      "active_exploitation": 0,
+      "blast_radius": 28,
+      "patch_available": -15,
+      "live_patch_available": 0,
+      "reboot_required": 0
+    },
+    "rwep_notes": "Standard (RWEP 33, \"patch within 30 days\" band per lib/scoring.js timeline). Not KEV, no confirmed in-the-wild exploitation, patched at disclosure (Hard Rule #3). poc_available=20 + blast_radius=28 (PyTorch is the foundational deep-learning framework) minus patch 15. Note: this bypasses the documented safe-load mitigation, so deployments that 'did the right thing' (weights_only=True on <= 2.5.1) remain exposed.",
+    "epss_score": null,
+    "epss_date": "2026-05-25",
+    "epss_note": "EPSS not pulled for this entry; retrieve via FIRST EPSS API in a future refresh.",
+    "epss_source": "https://api.first.org/data/v1/epss?cve=CVE-2025-32434",
+    "cwe_refs": [
+      "CWE-502"
+    ],
+    "iocs": {
+      "behavioral": [
+        "Python subprocess / interpreter activity during torch.load of an externally sourced checkpoint, including when weights_only=True is set.",
+        "A model checkpoint from a hub or shared store whose deserialization resolves to code execution.",
+        "Loading checkpoints without provenance verification through PyTorch <= 2.5.1.",
+        "PyTorch <= 2.5.1 loading untrusted checkpoints - the exposed precondition (weights_only=True does not mitigate on these versions)."
+      ],
+      "_ioc_source_note": "Behavioral signatures anchored to the PyTorch GitHub security advisory (https://github.com/pytorch/pytorch/security/advisories/GHSA-53q9-r3pm-6pq6) and NVD CVE-2025-32434 (CWE-502). The torch.load code execution despite weights_only=True is the indicator anchor."
+    },
+    "source_verified": "2026-05-25",
+    "verification_sources": [
+      "https://nvd.nist.gov/vuln/detail/CVE-2025-32434",
+      "https://github.com/pytorch/pytorch/security/advisories/GHSA-53q9-r3pm-6pq6"
+    ],
+    "vendor_advisories": [
+      {
+        "vendor": "GitHub Security Advisory (pytorch)",
+        "advisory_id": "GHSA-53q9-r3pm-6pq6",
+        "url": "https://github.com/pytorch/pytorch/security/advisories/GHSA-53q9-r3pm-6pq6",
+        "severity": "critical",
+        "published_date": "2025-04-18"
+      },
+      {
+        "vendor": "NVD",
+        "advisory_id": "CVE-2025-32434",
+        "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-32434",
+        "severity": "critical",
+        "published_date": "2025-04-18"
+      }
+    ],
+    "last_updated": "2026-05-25",
+    "discovery_attribution_note": "Manually curated from NVD (CWE-502; NIST CVSS 9.8) + the PyTorch GitHub security advisory. The foundational DL framework's torch.load executes code even with weights_only=True on <= 2.5.1; same untrusted-model-artifact class as Keras / HF Transformers / NeMo (shares NEW-CTRL-091), and a documented-safe-mitigation bypass.",
+    "_auto_imported": false,
+    "_intake_method": "manual-verified-curation",
+    "_kev_short_description": "PyTorch's torch.load executes code from a crafted checkpoint even with weights_only=True on <= 2.5.1 (CWE-502), defeating the recommended safe-load guidance; fixed in 2.6.0."
+  },
   "CVE-2026-41091": {
     "name": "Microsoft Defender (Malware Protection Engine) Link-Following LPE to SYSTEM",
     "type": "LPE",

package/data/cwe-catalog.json CHANGED Viewed

@@ -96,6 +96,7 @@
       "CVE-2023-43472",
       "CVE-2023-51449",
       "CVE-2023-6021",
+      "CVE-2024-0129",
       "CVE-2024-0769",
       "CVE-2024-13059",
       "CVE-2024-1561",
@@ -386,6 +387,7 @@
       "CVE-2025-11837",
       "CVE-2025-1550",
       "CVE-2025-32432",
+      "CVE-2025-33236",
       "CVE-2025-37164",
       "CVE-2025-43200",
       "CVE-2025-4428",
@@ -1333,6 +1335,7 @@
       "CVE-2025-24016",
       "CVE-2025-26399",
       "CVE-2025-30165",
+      "CVE-2025-32434",
       "CVE-2025-32444",
       "CVE-2025-40551",
       "CVE-2025-42999",

package/data/framework-control-gaps.json CHANGED Viewed

@@ -40,6 +40,7 @@
       "CVE-2023-51449",
       "CVE-2023-6019",
       "CVE-2023-6021",
+      "CVE-2024-0129",
       "CVE-2024-0132",
       "CVE-2024-11392",
       "CVE-2024-11393",
@@ -62,7 +63,9 @@
       "CVE-2025-23266",
       "CVE-2025-30165",
       "CVE-2025-30202",
+      "CVE-2025-32434",
       "CVE-2025-32444",
+      "CVE-2025-33236",
       "CVE-2025-34291",
       "CVE-2025-49596",
       "CVE-2025-54136",
@@ -1395,6 +1398,7 @@
       "CVE-2023-52163",
       "CVE-2023-6019",
       "CVE-2023-6021",
+      "CVE-2024-0129",
       "CVE-2024-0769",
       "CVE-2024-11182",
       "CVE-2024-11392",
@@ -1474,6 +1478,7 @@
       "CVE-2025-31277",
       "CVE-2025-32432",
       "CVE-2025-32433",
+      "CVE-2025-32434",
       "CVE-2025-32444",
       "CVE-2025-32463",
       "CVE-2025-32701",
@@ -1483,6 +1488,7 @@
       "CVE-2025-32975",
       "CVE-2025-33053",
       "CVE-2025-33073",
+      "CVE-2025-33236",
       "CVE-2025-34026",
       "CVE-2025-34291",
       "CVE-2025-35939",
@@ -1828,6 +1834,7 @@
       "CVE-2023-51449",
       "CVE-2023-6019",
       "CVE-2023-6021",
+      "CVE-2024-0129",
       "CVE-2024-0132",
       "CVE-2024-11392",
       "CVE-2024-11393",
@@ -1854,7 +1861,9 @@
       "CVE-2025-23266",
       "CVE-2025-30165",
       "CVE-2025-30202",
+      "CVE-2025-32434",
       "CVE-2025-32444",
+      "CVE-2025-33236",
       "CVE-2025-34291",
       "CVE-2025-38352",
       "CVE-2025-43300",
@@ -2295,6 +2304,7 @@
     "opened_date": "2026-05-13",
     "evidence_cves": [
       "CVE-2023-44467",
+      "CVE-2024-0129",
       "CVE-2024-11392",
       "CVE-2024-11393",
       "CVE-2024-11394",
@@ -2310,6 +2320,8 @@
       "CVE-2025-1753",
       "CVE-2025-23254",
       "CVE-2025-30165",
+      "CVE-2025-32434",
+      "CVE-2025-33236",
       "CVE-2025-60455",
       "CVE-2025-64496",
       "CVE-2025-6965",
@@ -2459,6 +2471,7 @@
       "CVE-2023-52163",
       "CVE-2023-6019",
       "CVE-2023-6021",
+      "CVE-2024-0129",
       "CVE-2024-0132",
       "CVE-2024-0769",
       "CVE-2024-11182",
@@ -2541,6 +2554,7 @@
       "CVE-2025-31277",
       "CVE-2025-32432",
       "CVE-2025-32433",
+      "CVE-2025-32434",
       "CVE-2025-32444",
       "CVE-2025-32463",
       "CVE-2025-32701",
@@ -2550,6 +2564,7 @@
       "CVE-2025-32975",
       "CVE-2025-33053",
       "CVE-2025-33073",
+      "CVE-2025-33236",
       "CVE-2025-34026",
       "CVE-2025-34291",
       "CVE-2025-35939",
@@ -4975,6 +4990,7 @@
       "CVE-2023-51449",
       "CVE-2023-6019",
       "CVE-2023-6021",
+      "CVE-2024-0129",
       "CVE-2024-0132",
       "CVE-2024-11392",
       "CVE-2024-11393",
@@ -4999,7 +5015,9 @@
       "CVE-2025-23266",
       "CVE-2025-30165",
       "CVE-2025-30202",
+      "CVE-2025-32434",
       "CVE-2025-32444",
+      "CVE-2025-33236",
       "CVE-2025-34291",
       "CVE-2025-49596",
       "CVE-2025-54136",
@@ -5521,6 +5539,7 @@
     "evidence_cves": [
       "CVE-2023-44467",
       "CVE-2023-51449",
+      "CVE-2024-0129",
       "CVE-2024-0132",
       "CVE-2024-11392",
       "CVE-2024-11393",
@@ -5543,7 +5562,9 @@
       "CVE-2025-23266",
       "CVE-2025-30165",
       "CVE-2025-30202",
+      "CVE-2025-32434",
       "CVE-2025-32444",
+      "CVE-2025-33236",
       "CVE-2025-34291",
       "CVE-2025-49596",
       "CVE-2025-54136",
@@ -5608,6 +5629,7 @@
       "CVE-2023-51449",
       "CVE-2023-6019",
       "CVE-2023-6021",
+      "CVE-2024-0129",
       "CVE-2024-0132",
       "CVE-2024-11392",
       "CVE-2024-11393",
@@ -5632,7 +5654,9 @@
       "CVE-2025-23266",
       "CVE-2025-30165",
       "CVE-2025-30202",
+      "CVE-2025-32434",
       "CVE-2025-32444",
+      "CVE-2025-33236",
       "CVE-2025-34291",
       "CVE-2025-49596",
       "CVE-2025-54136",